Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (revision 15910) +++ wp-includes/taxonomy.php (working copy) @@ -534,7 +534,7 @@ case 'slug': case 'name': foreach ( $terms as $i => $term ) { - $terms[$i] = sanitize_term_field('slug', $term, 0, $taxonomy, 'db'); + $terms[$i] = sanitize_title_for_query($term); } $terms = array_filter($terms); Index: wp-includes/query.php =================================================================== --- wp-includes/query.php (revision 15910) +++ wp-includes/query.php (working copy) @@ -1786,7 +1786,7 @@ } if ( '' != $q['name'] ) { - $q['name'] = sanitize_title($q['name']); + $q['name'] = sanitize_title_for_query($q['name']); $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'"; } elseif ( '' != $q['pagename'] ) { if ( isset($this->queried_object_id) ) { @@ -1814,9 +1814,8 @@ $page_for_posts = get_option('page_for_posts'); if ( ('page' != get_option('show_on_front') ) || empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) { - $q['pagename'] = str_replace('%2F', '/', urlencode(urldecode($q['pagename']))); $page_paths = '/' . trim($q['pagename'], '/'); - $q['pagename'] = sanitize_title(basename($page_paths)); + $q['pagename'] = sanitize_title_for_query(basename($page_paths)); $q['name'] = $q['pagename']; $where .= " AND ($wpdb->posts.ID = '$reqpage')"; $reqpage_obj = get_page($reqpage); @@ -1828,9 +1827,8 @@ } } } elseif ( '' != $q['attachment'] ) { - $q['attachment'] = str_replace('%2F', '/', urlencode(urldecode($q['attachment']))); $attach_paths = '/' . trim($q['attachment'], '/'); - $q['attachment'] = sanitize_title(basename($attach_paths)); + $q['attachment'] = sanitize_title_for_query(basename($attach_paths)); $q['name'] = $q['attachment']; $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'"; } @@ -1963,7 +1961,7 @@ $q['author_name'] = $q['author_name'][count($q['author_name'])-2]; // there was a trailling slash } } - $q['author_name'] = sanitize_title($q['author_name']); + $q['author_name'] = sanitize_title_for_query($q['author_name']); $q['author'] = get_user_by('slug', $q['author_name']); if ( $q['author'] ) $q['author'] = $q['author']->ID; Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (revision 15910) +++ wp-includes/formatting.php (working copy) @@ -628,6 +628,7 @@ chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z', chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z', chr(197).chr(190) => 'z', chr(197).chr(191) => 's', + chr(200).chr(153) => 's', chr(200).chr(155) => 't', // Euro Sign chr(226).chr(130).chr(172) => 'E', // GBP (Pound) Sign @@ -783,19 +784,27 @@ * * @param string $title The string to be sanitized. * @param string $fallback_title Optional. A title to use if $title is empty. + * @param string $context Optional. The operation for which the string is sanitized * @return string The sanitized string. */ -function sanitize_title($title, $fallback_title = '') { +function sanitize_title($title, $fallback_title = '', $context = 'save') { $raw_title = $title; - $title = strip_tags($title); - $title = apply_filters('sanitize_title', $title, $raw_title); + if ( 'save' == $context ) + $title = remove_accents($title); + + $title = apply_filters('sanitize_title', $title, $raw_title, $context); + if ( '' === $title || false === $title ) $title = $fallback_title; return $title; } +function sanitize_title_for_query($title) { + return sanitize_title($title, '', 'query'); +} + /** * Sanitizes title, replacing whitespace with dashes. * @@ -816,7 +825,6 @@ // Restore octets. $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title); - $title = remove_accents($title); if (seems_utf8($title)) { if (function_exists('mb_strtolower')) { $title = mb_strtolower($title, 'UTF-8');